Added escaping of changelist content for the /release/ pages.

- Legacy-Id: 9827
2015-07-20 13:49:06 +00:00 · 2015-07-20 13:49:06 +00:00 · ab61063882
parent 1d4dd91ca2
commit ab61063882
1 changed files with 2 additions and 1 deletions
--- a/ietf/release/views.py
+++ b/ietf/release/views.py
@ -7,6 +7,7 @@ from django.template import RequestContext
 from django.shortcuts import render_to_response
 from django.conf import settings
 from django.http import HttpResponse
+from django.utils.html import escape

 import changelog

@ -33,7 +34,7 @@ def release(request, version=None):
    entries = dict((entry.version, entry) for entry in log_entries)
    if version == None or version not in entries:
        version = log_entries[0].version
-    entries[version].logentry = trac_links(entries[version].logentry.strip('\n'))
+    entries[version].logentry = trac_links(escape(entries[version].logentry.strip('\n')))

    code_coverage_url = None
    code_coverage_time = None